Enron Mail

From:donna.lowry@enron.com
To:sally.beck@enron.com, wes.colwell@enron.com, ted.murphy@enron.com,rick.carson@enron.com
Subject:Business Risk Management Reporting
Cc:richard.lauer@enron.com
Bcc:richard.lauer@enron.com
Date:Thu, 20 Apr 2000 09:30:00 -0700 (PDT)

As a follow up to the meeting with AA on Friday, April 14, Richard and I
discussed with AA (Sorrells, Grutzmacher and Brown) how the monthly BRM
controller's meeting deliverables and database deliverables should be
prepared. The proposal I think we should recommend to AA is the following:

Opening and closing meeting with front line managers and discussion of all
items, regardless of priority ratings (high, medium, low)
Report generated to the Business Risk Managers at the monthly controller
meeting in the "Project Doorstep" style, incorporating existing controls and
observations/action steps to be taken on the critical issues (those with a
high rating) and identify responsible person(s) and target date
Follow up matrix report relating to the specific project audited in the
manner consistent with the BRM database indicating priority ratings (the high
issues should match the issues reported in the monthly controller meetings)
Eliminate the summary report that has typically be presented at the monthly
controller meetings

Once the "Project Doorstep" style report presented by AA is received at the
monthly controller meeting, compliance will input the issues into the second
database to enable the reminder notifications to be sent to the person(s)
responsible for the action step. In addition, a monthly progress report will
be generated from compliance to the Business Risk Managers to show the
critical (high) issues and implementation detail, if any.

It will be imperative that AA issue final reports on the projects immediately
after they have been completed and deliver the matrix within two (2) weeks
after the monthly controller meetings to Compliance for inputting to the BRM
database. If this information is not received within the two week time
period, compliance will notify the BRM's and AA of the deficiency.

It will also be necessary for you, the Business Risk Managers, to notify your
front line personnel that they will be receiving the email notifications on
action plans with specific target dates and with the expectation that the
responsible persons will be expected to respond to the email with the status
report of the issue.

If you are in agreement with this reporting plan, please indicate so in a
return email message to me and I will coordinate all responses and
communicate this to AA. I feel that this process will provide the BRM's the
necessary information that you have indicated you want to hear in the
controller's meetings, including the candid discussions as well as provide
compliance with the necessary information to maintain the database so the
information is available for the corporate needs.

If you have any questions, please do not hesitate to call me at 31939. Thank
you for your attention. Donna Lowry